Design/Logic Flaw
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
KaiOS Security Vulnerability
KaiOS is application software for smart feature phones. A security vulnerability exists in KaiOS version 3.0, which stems from the ability to return a user's call logs without origin or privilege checking; this could allow an attacker to inject a JavaScript payload running in the...
CVE-2023-27108
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting
Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...
Code injection
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target's security context...
CVE-2023-28650
The CVE-2023-28650 vulnerability affects SAUTER EY-modulo 5 Building Automation Stations, specifically the EY-AS525F001 with moduWeb. It is a Cross-Site Scripting (CWE-79) flaw where an unauthenticated remote attacker can lure a user into clicking a malicious link, causing JavaScript payloads to ...
PT-2023-21875 · Sauter +1 · Ey-As525F001 With Moduweb +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could...
Cross-site Scripting (XSS)
streamlit is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of sanitization of the path parameter in components.py; an attacker is able to trick the user into visiting a malicious URL, which executes the malicious JavaScript payload in the browser...
CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forgot password functionality, in which the parameter username does not receive proper input validation/sanitization, thus resulting in executing malicious JavaScript...
Cross site scripting
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forgot password functionality, in which the parameter username does not receive proper input validation/sanitization, thus resulting in executing malicious JavaScript...
SUSE CVE-2021-26247
As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...
CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forgot password functionality, in which the parameter username does not receive proper input validation/sanitization, thus resulting in executing malicious JavaScript...
Cross site scripting
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
CVE-2023-24065
The CVE-2023-24065 entry affects NOSH (version 4a5cfdb) and describes a stored XSS vulnerability on the create user page. A crafted first name field can execute JavaScript when visiting /users/2/1, with potential to exfiltrate Protected Health Information in a healthcare-charting context. Public ...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
SAP BusinessObjects Business Intelligence Platform 4.1 < 4.1 SP12 P9 / 4.2 < 4.2 SP8 P5 XSS (2965154)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.1 SP12 P9, 4.2 SP8 P5 or 4.2 SP9 P0. It is, therefore, affected by an XSS vulnerability. An authenticated attacker is allowed to inject a malicious JavaScript payload into the custom...